Verbesserte Sicherheit durch Verringerung der Zeitbegrenzung der Tokenlebenszeit

css/login/ForgotPW.css

@@ -41,17 +41,14 @@
     font-size: 2.55em;
     color: #fff;
 }
-
 .txt_design {
     color: #003680;
     font-size: 1.65em;
 }
-
 #CustomerID {
     color: #003680;
     font-size: 1.320901320901321em;
 }
-
 #lbl_Hinweis {
     font-size: 1.188em;
     color: dimgrey;

login/ForgotPW.aspx

@@ -110,6 +110,10 @@
                      <td align="left" colspan="2"> 
                     <asp:TextBox ID="txt_Username" runat="server" Width = "250" />
                         </td></tr>
+                <tr style="color:#003680; height:30px;">
+                     <td align="left" colspan="2">  
+                          <asp:RegularExpressionValidator ID="val_usrnametxt" ControlToValidate="txt_Username" runat="server" ValidationExpression="[A-Z1-9].{4,12}" Display="Dynamic"></asp:RegularExpressionValidator>
+                         </td></tr>
                 <tr style="color:#003680; height:30px;">
                 <td align="right" colspan="2">                    
                 <asp:Label ID="lblMessage" runat="server" />

login/ForgotPW.aspx.vb

@@ -168,9 +168,10 @@ Partial Class login_ForgotPW
     Function getDateoftoken(tokenname As String) As Boolean
         Dim data() As Byte = Convert.FromBase64String(tokenname)
         Dim wenn As DateTime = DateTime.FromBinary(BitConverter.ToInt64(data, 0))
-        If wenn < DateTime.UtcNow.AddHours(-24) Then
+        If wenn < DateTime.UtcNow.AddMinutes(-30) Then
             Return False
             MsgBox("Token nicht gefunden oder zu alt!" + Environment.NewLine + "Bitte erneut Mail senden!")
+            tokenname = ""
         Else
             Return True
         End If